CVE-2023-33306

CVE Database · CVE-2023-33306

CVE-2023-33306

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.84%

Published

Jun 16, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-476CWE-476

Affected Products (5)

fortinet · fortiproxy (up to 7.0.10)vulnerable

fortinet · fortiproxy (up to 7.2.4)vulnerable

fortinet · fortios (up to 6.4.13)vulnerable

fortinet · fortios (up to 7.0.11)vulnerable

fortinet · fortios (up to 7.2.5)vulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-015

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-015

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs